I think you don't need to change AuthComponent to work. In ReturnURL, you
can verify the user with SAML, and then save the user in the session with
name 'Auth.User', which is what AuthComponent will use for saving in
session, and then set Auth->loginAction to false to prevent it from
authenticating again, and go to the ACL part directly. You should do these in your
controller's beforeFilter method.

On Sat, Aug 27, 2011 at 7:18 AM, Ben McClure <ben.mccl...@gmail.com> wrote:

> Thanks, Mark!
>
> So what would best practice be if trying to utilize off-site authentication
> along with Cake's access control?
>
> I'm trying to build all Saml functionality into a plugin so that I can
> utilize it in my other applications, so while I'm still not sure what the
> best method is, I'm thinking perhaps:
>
>
>    - If a page requires authentication, AuthComponent seems to send them
>    to my /users/login function, so based on that:
>    - /users/login uses my CakeSaml plugin's SamlAuth component to initiate
>    SAML login (and redirect the user to the identity provider), as well as
>    passes a ReturnURL for the user to return to
>    - User authenticates and returns to the ReturnURL (somewhere in a
>    controller within my plugin)
>    - Plugin controller calls $this->Auth->login(), providing the user
>    record returned from the identity provider
>    - AuthComponent will call my SimpleSamlAuthenticate module's
>    authenticate() method which will verify that the user record in the session
>    is valid and either return the record, or false if it is invalid.
>
> Is that a decent flow for such a login procedure, or am I overlooking
> something?
>
> I'm unfortunately fairly new to CakePHP's AuthComponent--in the past it
> didn't allow me to do what I needed for some of my sites, so I never ended
> up using it for *any* of my sites. With the changes in 2.0, however, I
> think that it just might be able to do everything I need, thanks to its
> extensibility.
>
> Anyway, thanks again! I'm loving working in CakePHP 2.0 beta so far!
>
> Ben McClure
>
> --
> Our newest site for the community: CakePHP Video Tutorials
> http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help
> others with their CakePHP related questions.
>
>
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group
> at http://groups.google.com/group/cake-php
>



-- 
Perry | 彭琪
http://pengqi.me
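
The return-from-IdP step discussed in this thread, as an added example that is not code from either poster: a custom authenticate object that takes the user only from the validated SAML session, and the ReturnURL action that calls it. It assumes CakePHP 2.x and SimpleSAMLphp 1.x; the install path, the `default-sp` source, the `uid` attribute and the `SamlController`/`returned` names are placeholders.

```php
<?php
// Added example; assumes CakePHP 2.x and SimpleSAMLphp 1.x. The path, the
// 'default-sp' source, the 'uid' attribute and SamlController are placeholders.
// In a real plugin the two classes live in separate files.
App::uses('BaseAuthenticate', 'Controller/Component/Auth');
App::uses('AppController', 'Controller');
require_once '/path/to/simplesamlphp/lib/_autoload.php';

class SimpleSamlAuthenticate extends BaseAuthenticate {

    public function authenticate(CakeRequest $request, CakeResponse $response) {
        $saml = new SimpleSAML_Auth_Simple('default-sp');
        // Trust only the session SimpleSAMLphp created after it validated the
        // IdP's response, never a user record read from the request itself.
        if (!$saml->isAuthenticated()) {
            return false;
        }
        $attributes = $saml->getAttributes(); // attribute name => list of values
        if (empty($attributes['uid'][0])) {
            return false; // no stable identifier released: refuse the login
        }
        return array('id' => $attributes['uid'][0], 'attributes' => $attributes);
    }
}

class SamlController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->authenticate = array('CakeSaml.SimpleSaml');
        $this->Auth->allow('returned'); // the ReturnURL must be reachable pre-login
    }

    // ReturnURL target: the user lands here after the identity provider.
    public function returned() {
        // login() with no argument runs authenticate() above and, on success,
        // stores the returned array under the Auth.User session key.
        if ($this->Auth->login()) {
            return $this->redirect($this->Auth->redirect());
        }
        throw new ForbiddenException('SAML authentication failed');
    }
}
```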
